On Jan 30, 2013, at 10:24 AM, Stian Øvrevåge wrote:
> On Wed, Jan 30, 2013 at 2:59 PM, Nicholas Weaver
> <nweaver at icsi.berkeley.edu> wrote:
>>>> On Jan 29, 2013, at 7:25 PM, Eric Boettner wrote:
>>>>>>>> Good evening,
>>>>>> I ran the test today - and got this error. I've run the test many of times, but today is the first time it flew up this specific error message. Can someone tell me what it means? Thanks!
>>>>>> NAT support for Universal Plug and Play (UPnP) (?): Not tested–
>>> An I/O error occurred during the test. The test result code is 34.
>>>>>>> It means we weren't able to contact your NAT using Universal Plug and Play, and that our code crashed during this process. So I wouldn't worry about it from your network's viewpoint, but if you have the test results URL, that wolud be useful to us to help debug why this occuredd.
>>>> Thansk.
>>>>>> Maybe your ISP have taken some measures to limit UPnP in light of
> Rapid7 and HD Moores publication of a research paper yesterday showing
> tens of millions of exposed devices with unprotected UPnP instances (
>http://www.forbes.com/sites/andygreenberg/2013/01/29/disable-a-protocol-called-upnp-on-your-router-now-to-avoid-a-serious-set-of-security-bugs/> ).
>> But, of course. It's most likely something else :-)
Nope. That is a probe from Java running on your computer to your local network, so the ISP doesn't matter.
But we are (in the next couple of days) going to add code to check for these UPnP vulnerabilities: The actual vulnerability space is higher, HD. Moore only found EXTERNAL facing UPnP, internal is also a problem and can also be vulnerable.